Bug Reports - Page 30 - Burp Suite User Forum

Plaintext Password Storage

Hello, If upstream proxy authentication is configured, the password is stored in cleartext within UserConfigPro.json; line 23 in my file. Cheers, Mark

Match and Replace does not seem to work correctly with CJK characters

I'm trying to replace a JSON which contains Japanese characters, I want to replace them with Chinese characters, then the HTTP history shows that no modification was made. (by the way I was unable to send this post until...

Obfuscating attacks using encodings href example

Hello! Just a quick question. Is the example `<a href="javascript\u{0000000003a}alert(1)">Click me</a>` up to date here:...

Password reset poisonin via dangling markup

in the step 5 they all time show me that CSRF token is invalid. Even if I follow the video tutorial the thing is same. so help me to solve the lab.

Repeater - zero highlights

Hi, I noticed something strange in the latest version of Burp Suite. When I use the search tool in the Repeater tab, it always says that it couldn't find any results, even though there are actually some matches.

Burp Suite Community Edition crashes and lags

Hello, I am using the Community version of Burp Suite and I have been experiencing some issues with the software. Every time I start it, it crashes and is full of lags and hangs. The experience with Burp Suite has been...

many tags and events get missing when 'copied to clipboard' in xss cheat sheet

Windows High DPI Scaling Issues

I have a 4k monitor on my laptop, currently set to 175% display scaling in Windows 11. In Burp, all text is noticeably fuzzy compared to other applications. I've read through all the related posts on this forum, none of...

Burp Suite crashes for some amount of time or takes a lot of RAM in this case ????

When I look at the Http History,Repeater Tabs If request or response contains large data, after I clicked that request burpsuite freezes for half an hour until that request loads. It looks like a kind of normal text editor...

Login Record Sequence

I recorded a login sequence successfully. when replaying a recorded login sequence i realized that it does the first 2 steps opening the webpage and typing the user name. but it does not click on the next button and stays...

Tutorial (possible issue): HTTP request smuggling, basic TE.CL vulnerability

Dear Burp Suite, No hurry. I'll work on other tutorials. But this one seems to be broken at the moment. In running this tutorial, getting an unexpected error. HTTP/1.1 400 Bad Request "error":"Read timeout" 1)...

Other labs are opening except this one

this lab is not opening. is there a problem from your end (other labs are opening except this one) Lab: Reflected XSS with event handlers and href attributes blocked EXPERT LAB

Lab: SQL injection attack, querying the database type and version on Oracle

Hello there, I don't know if this legal but I'm going to write exactly what I did and the error I encountered (It doesn't say I have solved the lab). So I determined the number of columns required for the Query and...

Even if you search with the search bar, the number of matches is not displayed and "0 highlights" is displayed.

When searching for a string entered in advance in the HTTP message editor, the number of matches is not displayed in the search bar, and "0 highlights" is displayed. A few versions of burp used to show the number of matches...

Can't gracefully close BurpSuite when detaching and reattaching Collaborator window

I'm experiencing this issue every time i detach the Collaborator window and i reattach it later on. Since this issue arised for the first time, now every time i start BurpSuite the Collaborator tab is detached and hidden:...

Adding Space in Header Kettles Request

Hey, I'm going through the following lab: Password reset poisoning via dangling markup Whenever I add a space to my Host header, Burp Suite kettles my request which causes the CSRF token to not be sent along correctly...

Failed to configure embedded browser

Installation on Windows 10 machine. I get the error message "Failed to configure the embedded browser" when running the installation for Burp Pro

Problem with web cache poisoning labs

Hi, It seems like web cache poisoning labs are not vulnerable anymore. Any time you send the same GET / request it always returns X-cache: miss header, never "hit". I´m not able to solve even the labs that I´ve...

Password Reset Poisoning via Dangling Markeup

This lab is not working for me at all. I'm following a video online and doing the steps exactly but when I try to add a port it says 504 Gateway Timeout. OR it says bad request CRSF token expired or something along those...

Lab Cache Poisoning - Cache key injection

For some reason I cannot solve this lab. First, I'm sending this poison to localize.js file. I'm receiving the HIT response. GET /js/localize.js?lang=en?utm_content=z&cors=1&x=1 HTTP/2 Host:...